By far the most common reason accounts get hacked is that they had easy to remember and simple – sometimes even trivial – passwords.
In other words, the accounts have easy to hack passwords. Passwords like a pet's name, a friend's name spelled backwards, a favorite movie catch phrase, a significant other's name (or "iheart" followed by that name), and so on.
Hackers are extremely resourceful at guessing and ferreting out those all-too-common password schemes. And sometimes it's not even the hackers that end up with your passwords.
Here are seven key steps to keeping an account from being hacked due to simple and common password theft.
1 – Pick A Good Password. "iHeartSue" is bad. "qicITcl}" is great! The problem's pretty obvious, though – if it's easy to remember, then it's probably a bad password. Instead, use a blended approach: never use full words or names; mix upper and lower case letters, use numbers. Use at least 8 characters. A password like "ILoveWindows" is bad, but a variation – "1luvwind00s" could be very good. "CorgiDog", not so good, but "Igroc7Pup" might be ok. Get creative, using a technique you can remember that no one else could possibly guess.
2 – Keep Your Password Safe. Tell no one. Even in a close and presumably trusting relationship – if anything ever happens consider the damage that the person could do knowing your password. Too many account theft scenarios begin with trusting someone just a little too much, and then having the relationship go bad. Your friends are your friends until one day they're not. Especially if someone is pressuring you or if there's the least little bit of doubt, don't share your password.
3 – Use a "Secret Answer." Most systems use the answer to a "secret question" as a way to recover or reset a password. Unfortunately many people choose answers that anyone can guess, or easily research on the internet. Answers like where you were born or your pet's name are frequently easy to find out with a little searching. The good news is that your secret answer doesn't actually have to make sense. Pick something unrelated or bizarre instead; choose answers like "Pickle" as your city of birth, "Confusion" as your mother's maiden name, or perhaps "Flat Tire" as your favorite pet. As long as you can remember, it doesn't matter.
4 – Maintain That Alternate Email Address. An "alternate email address" is used by many mail accounts as a place to send you a password reminder or reset. Be sure to set up an account on a different email system for your alternate email address (any other free email system will do), and then use that address as your alternate everywhere else. Of course, keep the alternate account active so as not to lose it, since without it you may be out of luck.
5 – Remember. Remembering sounds easy, but like we said earlier: if it's easy to remember, then it's probably a bad password. And yet remembering and being difficult to guess are both critical. You must remember your password, failing that your secret answer, and failing that your alternate email account. Forget or lose them all, and you're severely out of luck. If written down, be sure to keep it all in a secure place – not something like the almost cliche scenario of finding poorly hidden sticky notes containing passwords near your computer. It might be safe to keep something in your wallet, since you already treat that as secure. An encrypted file or password container on your computer might be another option.
6 – Don't Get Taken. There are shady services that will claim to be able to retrieve your passwords and account access. Many are simply scams to take advantage of you when you are vulnerable and only take your money or login information for another account that they can then breech. The only place trustworthy enough for password and account recovery help is the service you've lost access to itself. If they can't help, then neither can a reputable third party.
7 – Learn From Your Mistakes. Finally, if you now know that you have a weak password, if you've told it to someone you shouldn't have, or if you've not set up that secret question or alternate account, fix it. Now. Change your password to something stronger, set up the alternate recovery methods, and keep your information private. If you've been hacked and you don't have any of that set up, you're very likely out of luck. Make sure to take more secure care of your account password and information with your next one.
No comments:
Post a Comment